<?
include('./header.inc');
include('./database.inc');

    function convert_to_filename ($string) {
     
    $string = str_replace (" ", "_", $string);
    $string = str_replace ("..", ".", $string);
     
    preg_replace ("/[^0-9^a-z^_^.]/", "", $string);
    return $string;
    }

if (!isset($_POST['sid'])){
	header( 'Location: ./slides.php' ) ;
	die();
}
$sid = mysql_real_escape_string($_POST['sid']);
if (!isset($_POST['submitted'])){
	header( 'Location: ./newslide.php' ) ;
	die();
}

if (empty($_POST['name'])){
	notify("error", "Please Give The Slides A Name");
	header( 'Location: ./newslide.php' ) ;
	die();
}

$name = mysql_real_escape_string($_POST['name']);
$folder = convert_to_filename($name);
$query1 = "SELECT * FROM slides WHERE slide_name = '$name' AND slide_id != '$sid'";
$result1 = mysql_query($query1);
$num_rows = mysql_num_rows($result1);
if ($num_rows > 0){
	notify("error", "Slide Name Already Used");
	header( 'Location: ./newslide.php' ) ;
	die();
}

$query2 = "SELECT * FROM slides WHERE slide_id = '$sid'";
$result2 = mysql_query($query2);
$row = mysql_fetch_array( $result2 );

if ($row['folder'] != $folder){
	rename("../images/".$row['folder'], "../images/".$folder);
}

$notes = mysql_real_escape_string($_POST['notes']);


$query = "UPDATE slides SET slide_name = '$name',  notes = '$notes',  folder = '$folder' WHERE slide_id = '$sid'";
$result = mysql_query($query);

notify("success", "Slide \"$name\" Updated");
header( 'Location: ./slides.php' ) ;

?>